CVE-2020-7309

low-risk
Published 2020-08-26

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.9/10 Low
LOCAL / HIGH complexity

Affected Products (1)

Application And Change Control

Affected Vendors

Mcafee

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10324
https://kc.mcafee.com/corporate/index?page=content&id=SB10324
16
/ 100
low-risk
Severity 10/34 · Low
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal